# -*- autoconf -*-
#########################################
##
# Miscellaneous checks
##
#########################################

##
#   Package characteristics
#       Authentication/Encryption support
##

#       Check for PKCS11
#
AC_MSG_CHECKING([for authentication support])
useopenssl=no
usepkcs=no
if test "x$ac_cv_lib_pkcs11_C_Initialize" != "xyes" -o "x$ac_cv_header_security_cryptoki_h" != "xyes"; then
    if test "x$askedpkcs" = "xyes"; then
        AC_MSG_ERROR(Asked to use PKCS11 but I couldn't find it.)
    fi
else
    if test "x$askedpkcs" = "xyes"; then
        usepkcs=yes
    fi
fi

#       Check for OpenSSL
#
if test \( "x$ac_cv_func_EVP_md5" != "xyes" -a \
           "x$ac_cv_lib_EVP_md5" != "xyes" \) -o \
	"x$ac_cv_header_openssl_hmac_h" != "xyes"; then
    if test "x$askedopenssl" = "xyes"; then
        AC_MSG_ERROR(Asked to use OpenSSL but I couldn't find it.)
    fi
else
    if test "x$askedopenssl" = "xyes"; then
        useopenssl=yes
    elif test "x$tryopenssl" = "xyes"; then
        if test "x$usepkcs" != "xyes"; then
            useopenssl=yes
        fi
    fi
fi

#       Available authentication/encryption modes
#
if test "x$CRYPTO" = "xinternal" ; then
    authmodes="MD5 SHA1"
    if test "x$enable_privacy" != "xno" ; then
        encrmodes="DES AES"
    else
        encrmodes="[disabled]"
    fi
    AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
    AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
    authmodes="MD5 SHA1"
    if test "x$ac_cv_func_EVP_sha224" = xyes; then
        authmodes="$authmodes SHA224 SHA256"
    fi
    if test "x$ac_cv_func_EVP_sha384" = xyes; then
        authmodes="$authmodes SHA384 SHA512"
    fi
    if test "x$enable_privacy" != "xno" ; then
        if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
            encrmodes="DES AES"
	else
	    encrmodes="DES"
	fi
    else
        encrmodes="[disabled]"
    fi
    AC_DEFINE(NETSNMP_USE_OPENSSL)
    LNETSNMPLIBS="$LNETSNMPLIBS $LIBCRYPTO"
    AC_MSG_RESULT(OpenSSL Support)
elif test "x$usepkcs" != "xno" ; then
    authmodes="MD5 SHA1"
    if test "x$enable_privacy" != "xno" ; then
        encrmodes="DES"
    else
        encrmodes="[disabled]"
    fi
    AC_DEFINE(NETSNMP_USE_PKCS11, 1,
      [Define if you are using the codeS11 library ...])
    LNETSNMPLIBS="$LNETSNMPLIBS $LIBPKCS11"
    AC_MSG_RESULT(PKCS11 Support)
elif test "x$enable_md5" != "xno"; then
    authmodes="MD5"
    encrmodes=""
    AC_DEFINE(NETSNMP_USE_INTERNAL_MD5)
    AC_MSG_RESULT(Internal MD5 Support)
fi
if test "x$enable_md5" = "xno"; then
    authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
   test "x$CRYPTO" = xinternal; then
    encrmodes="$encrmodes AES128"
    if test "x$aes_capable" = "xyes"; then
        encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
    fi
fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)

AC_MSG_CACHE_ADD(Crypto support from:        $CRYPTO)
AC_MSG_CACHE_ADD(Authentication support:     $authmodes)
AC_MSG_CACHE_ADD(Encryption support:         $encrmodes)

if test "x$all_warnings" != "x"; then
    AC_MSG_CACHE_ADD(WARNING: $all_warnings)
fi

#
# Check whether user wants DNSSEC local validation support
#
_libs=${LIBS}
if ! test "x-$want_dnssec" = "x-no" ; then
    AC_CHECK_HEADERS([validator/validator-config.h])
    if test "$ac_cv_header_validator_validator_config_h" != yes; then
        AC_MSG_ERROR(Can't find validator.h)
    fi
    if test "x$ac_cv_lib_EVP_md5" != "xyes" -o \
            "x$ac_cv_header_openssl_hmac_h" != "xyes"; then
        AC_MSG_ERROR(Couldn't find OpenSSL for local DNSSEC validation support.)
    fi
    LIBS="$LIBS $LIBCRYPTO"
    AC_CHECK_LIB(sres, query_send,,AC_MSG_ERROR([Can't find libsres]))
    VAL_LIBS="-lsres $LIBCRYPTO"
    LIBS="$LIBS -lsres"
    AC_CHECK_LIB(val, p_val_status,
                 LIBS="$LIBS -lval"
                 VAL_LIBS="$VAL_LIBS -lval"
                 have_val_res_query=yes,
                 [ AC_CHECK_LIB(pthread, pthread_rwlock_init)
		   AC_CHECK_LIB(val-threads, p_val_status,
                   have_val_res_query=yes
                   LIBS="-lval-threads $LIBS"
                   VAL_LIBS="-lval-threads -lpthread $VAL_LIBS"
                   LIBVAL_SUFFIX="-threads",
                   AC_MSG_ERROR(Can't find libval or libval-threads))
                 ])
    AC_DEFINE(DNSSEC_LOCAL_VALIDATION, 1,
              [Define if you want local DNSSEC validation support])
    DNSSEC="enabled"
else
    DNSSEC="disabled"
fi

LIBS=${_libs}

AC_SUBST(VAL_LIBS)
AC_MSG_CACHE_ADD(Local DNSSEC validation:    $DNSSEC)

 
